CNIT 127: Exploit Development

Lecture 7: 64-bit Assembler

Not in textbook

64-bit Registers

• rip = Instruction pointer• rsp = top of stack

OS Limitations

• OS uses top half

• User programs use lower half

Windows Limitations

• Windows 2008 Server uses 44 bits– Max. 16 TB RAM

• Windows 8.1, 2015 revision, uses 48 bits– Max. 256 MB RAM

• Links Ch L7d, L7e

System Calls

• syscall replaces INT 80

L7h: Searchable Linux Syscall Table

L7c: Introduction to x64 Assembly | Intel Developer Zone

• More details about registers

Syscall 1: Write

Simplest Program: ABC

Works, then Crashes

Exit

Works Without Crashing

Using a .data section

Objdump

Using gdb

• .data and .text sections appear the same

.text and .data Sections

info registers

Using read

"echo" with a .data section

Works with Junk at End

Caesar Cipher

Works for 4 Bytes Only

Objdump Shows a 32-bit Value

Must use a Register

Now it Works

Challenge 1"Hello from YOURNAME"

Challenge 2Caesar (3 steps back)

Challenge 3: XOR Encryption